Attack Surface Reduction

By Tony Tanzi · April 17, 2014

Limiting Exposure: Protecting yourself from cybersecurity attacks takes more than implementing the latest and greatest technologies. Alongside the new technologies that can detect ever-elusive new cyberthreats, there should also be a process of proactively reducing the attack surface to limit what is exposed. While a great deal of zero-day malware is still being detected, a great majority of attacks still try to take advantage of known vulnerabilities.

Below are a few recommended tactics to help reduce the attack surface:

Reducing the number of ports/services that are open on the firewall, limiting them to only what is required for business purposes.

Using a next-generation firewall to control traffic granularly by application, as opposed to controlling it by ports/services; i.e., port 80 is no longer just web browsing traffic.

Eliminating any unnecessary protocols and services running on endpoints or servers.

Using identity management to provide granular access to applications based on privilege level. This also allows activity in logs to be tracked by user identity, as opposed to just source IP address.

Some customers are taking this a step further and segmenting their internal network so that even internal traffic must traverse the firewall. This makes it possible to scan that internal traffic for threats.